Exim MTA

Exim Smarthost Configuration

Smarthost setup with Exim router, transport and AUTH settings

What does this guide do?

Ensures all emails sent from your Exim MTA servers (non-cPanel) are delivered through the MXGate smarthost (with authentication).

Prerequisites

Root access
Exim 4.94+ installed and running
SMTP username and password created from MXGate panel
TLS/SSL support (GnuTLS or OpenSSL)

Important Warning

Exim configuration file is edited directly. Incorrect configuration can stop all mail traffic. ALWAYS backup before proceeding!

1 Backup Exim Configuration File

Take a backup of the Exim configuration file just in case:

# Exim yapılandırma dosyasının yerini bulun:

exim -bP configure_file

# Genellikle:

sudo cp /etc/exim/exim.conf /etc/exim/exim.conf.backup.$(date +%Y%m%d)

# veya:

sudo cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup.$(date +%Y%m%d)

2 Router Definition

Add the following router definition to the begin routers section in your Exim configuration file:

# begin routers bölümünde, diğer router\'lardan ÖNCE ekleyin:

# ============================================

# MXGate Smarthost Router

# ============================================

mxgate_smarthost:

driver = manualroute

domains = ! +local_domains

transport = mxgate_smtp

route_list = * smtp.mxgate.com.tr::587

no_more

no_verify

Place this router BEFORE dnslookup or default smart host router. Otherwise emails will try to send directly.

3 Transport Definition

Add the following transport definition to the begin transports section in your Exim configuration file:

# begin transports bölümüne ekleyin:

# ============================================

# MXGate SMTP Transport

# ============================================

mxgate_smtp:

driver = smtp

hosts = smtp.mxgate.com.tr

port = 587

hosts_require_auth = smtp.mxgate.com.tr

hosts_require_tls = smtp.mxgate.com.tr

tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt

Adjust tls_verify_certificates path according to your distribution (for CentOS: /etc/pki/tls/certs/ca-bundle.crt)

4 AUTH (Authentication) Definition

Add the following authentication definition to the begin authenticators section in your Exim configuration file:

# begin authenticators bölümüne ekleyin:

# ============================================

# MXGate SMTP Authentication

# ============================================

mxgate_auth:

driver = plaintext

public_name = LOGIN

client_send = : MXGATE_KULLANICI_ADI : MXGATE_SIFRE

.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS

client_condition = ${if eq{$tls_out_cipher}{}{}{*}}

.endif

Security: Replace MXGATE_USERNAME and MXGATE_PASSWORD with actual credentials from MXGate panel. Format: : username : password (starts with colon)

The client_condition line ensures passwords are only sent over TLS encrypted connections.

5 Verify Configuration and Restart

Check the configuration file syntax before applying changes:

# Syntax kontrolü:

exim -bV

# Detaylı syntax kontrolü:

exim -C /etc/exim/exim.conf -bV

# Hata yoksa Exim\'i yeniden başlat:

systemctl restart exim

# veya:

service exim restart

# veya:

/etc/init.d/exim restart

# Servis durumunu kontrol edin:

systemctl status exim

# Exim süreçlerini kontrol edin:

ps aux | grep exim

6 Testing and Verification

Test if the configuration is working:

# Test e-postası gönder:

echo "Subject: Test" | exim -v test@example.com

# Exim loglarını izle:

tail -f /var/log/exim/mainlog

# veya:

tail -f /var/log/exim4/mainlog

# veya:

tail -f /var/log/mail.log

# Başarılı bağlantı görmelisiniz:

"smtp.mxgate.com.tr [IP]:587 connected"

"TLS: using cipher TLSv1.3..."

"250 OK id=xxx"

"=> test@example.com R=mxgate_smarthost"

# Hata görebilirsiniz:

"535 Incorrect authentication data"

"connection refused"

# Exim debug modunda çalıştırma:

exim -d -Mvl <message-id>

# Router debug:

exim -d -bt test@example.com

Success! All your outgoing emails are now delivered encrypted and authenticated through MXGate.

Troubleshooting

535 Incorrect authentication data:

Username/password incorrect. Check client_send format in AUTH section: : username : password

router omitted: no_more flag set:

Router order is wrong. Ensure mxgate_smarthost router is placed BEFORE dnslookup.

TLS required but not available:

Exim may not be compiled with TLS support. Or tls_verify_certificates file may not be found.

Connection refused:

Firewall may be blocking port 587. Ensure your server IP is in MXGate whitelist.

Unrecognized option:

There is a syntax error. Check spaces and tab characters. Exim is very sensitive to whitespace.

Debian/Ubuntu Exim4 Specific

Debian/Ubuntu systems may use Exim4 "split configuration". In this case:

# Split configuration kullanıyorsanız:

sudo nano /etc/exim4/conf.d/router/150_mxgate

sudo nano /etc/exim4/conf.d/transport/30_mxgate

sudo nano /etc/exim4/conf.d/auth/30_mxgate

# Yapılandırmayı yeniden oluştur:

sudo update-exim4.conf

sudo systemctl restart exim4

# Veya tek dosya moduna geç:

sudo dpkg-reconfigure exim4-config

# "internet site; mail is sent and received directly using SMTP" seç

Postfix

Documentation cPanel/WHM